Setting up antivirus (ClamAV)

Has anyone integrated anti-virus such as clam AV? If so, is it difficult to setup?

I haven’t tried it, but it should not be hard to set up. Make sure to back up your email first.

Maybe this will help you:

http://www.centrora.com/blog/install-free-antivirus-clamav-on-linux/

Or for ubuntu/fedora etc. :

http://wiki.opensource-excellence.com/index.php?title=How_to_install_ClamAV

Don’t forget to update the virus definitions:

sudo freshclam

Hi,

I fixed this today.
Here is how you set up ClamAV mailscanning on Ubuntu 14.04 LTS (and test it).

The simplest way to add it is by installing and configuring clamsmtp; it’s very lightweight and fast.
You can find it here if you want to know more: http://thewalter.net/stef/software/clamsmtp/

Anyways, here we go: open up a root shell and type:

apt-get update
apt-get upgrade
apt-get install clamav clamav-freshclam clamsmtp
adduser clamsmtp clamav

This will get the latest packages/updates, install the necessary packages and their dependencies, and add the clamsmtp user to the clamav group.

Now open up /etc/clamsmtpd.conf

vi /etc/clamsmtpd.conf

Now make sure you have the following two lines defined as below (you probably will have to change the ports).

OutAddress: 20025
Listen: 127.0.0.1:20026
Header: X-AV-Checked: AV Checked

Save the file and open up /etc/postfix/main.cf
Make sure that the following line is in there (again, you might need to change the port to match the one below).

virtual_transport=lmtp:[127.0.0.1]:10025

Then scroll down the file and add these lines to it:

# Added for ClamAV
content_filter = scan:127.0.0.1:20026
receive_override_options = no_address_mappings

Close main.cf and open up yet another file: /etc/postfix/master.cf
At the end of this file, paste:

# AV scan filter (used by content_filter)
scan      unix  -       -       n       -       16      smtp
    -o smtp_send_xforward_command=yes

# For injecting mail back into postfix from the filter
127.0.0.1:20025 inet  n       -       n       -       16      smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks_style=host
    -o smtpd_authorized_xforward_hosts=127.0.0.0/8

Now restart your daemons:

/etc/init.d/postfix restart
/etc/init.d/clamsmtpd restart
/etc/init.d/clamav-daemon restart

(If you get errors that IPs do not bind the correct way, restart your box.)

Now to update your virus definitions type:

freshclam

You might want to add this to your crontab by running crontab -e

57 20 * * * /usr/bin/freshclam --quiet

This will update your virus definitions everyday automatically.

Now everything should be working fine; you can test by sending yourself an email and checking the headers. For instance in Roundcube, go to your inbox, click on an email, click on the settings button on the icon bar and select “view source”. You should see the following header in there somewhere:

X-AV-Checked: AV Checked

If so… it works.

Hope this helps!

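A way to exercise the whole Postfix -> clamsmtp -> clamd chain from the recipe above, as an added example that is not part of the post and not code from clamsmtp or Mail-in-a-Box. The X-AV-Checked header only proves a message passed through clamsmtp; sending the EICAR test file alongside a clean message shows whether clamd actually detects anything. Two points the recipe does not spell out: content_filter is a post-queue filter, so Postfix accepts the EICAR message at submission and the rejection surfaces later as a bounce to the sender and in /var/log/mail.log, never as an error on the submitting connection; and the script assumes (not stated in the thread) that Postfix accepts mail for a local mailbox on 127.0.0.1:25 and that clamsmtpd.conf carries the Header: line exactly as shown above. The address me@example.com is a placeholder.

```python
"""Exercise the Postfix -> clamsmtp -> clamd chain.

Added example; not code from the thread, clamsmtp or Mail-in-a-Box.
Assumptions (not from the thread): Postfix accepts mail for a local user on
127.0.0.1:25, and clamsmtpd.conf carries "Header: X-AV-Checked: AV Checked".
"""
import smtplib
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# The EICAR test file: a harmless 68-byte string every AV engine, ClamAV
# included, detects (as Eicar-Test-Signature). Kept in two literals so a
# scanner looking at this script does not match the script itself.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$"
         r"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*")

AV_HEADER = "X-AV-Checked"   # name from the Header: line in clamsmtpd.conf
AV_VALUE = "AV Checked"      # value from that same line


def build_test_message(sender, recipient, with_eicar):
    """Return a clean message, or one carrying eicar.com as an attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "clamsmtp test: " + ("EICAR" if with_eicar else "clean")
    msg.set_content("Test message for the clamsmtp content filter.")
    if with_eicar:
        msg.add_attachment(EICAR.encode("ascii"), maintype="application",
                           subtype="octet-stream", filename="eicar.com")
    return msg


def submit(msg, host="127.0.0.1", port=25):
    """Hand the message to Postfix.

    content_filter is post-queue, so Postfix accepts even the EICAR message
    here; clamsmtp's rejection shows up later as a bounce to the sender and
    in /var/log/mail.log, not as an error on this connection.
    """
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.send_message(msg)


def av_header_present(raw_message):
    """True if a delivered message (raw bytes, e.g. from Roundcube's
    'view source') carries the header clamsmtp adds after clamd scanned it."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_message)
    return any(v.strip() == AV_VALUE for v in msg.get_all(AV_HEADER, []))


def check_results(clean_delivered, eicar_delivered):
    """Interpret what landed in the inbox (each argument: raw bytes or None).

    "ok"          clean mail has the header and the EICAR mail never arrived
    "not-scanned" mail arrived without the header: clamsmtp is not in the path
    "not-caught"  the EICAR mail was delivered: clamd did not reject it
    """
    if eicar_delivered is not None:
        return "not-caught"
    if clean_delivered is None or not av_header_present(clean_delivered):
        return "not-scanned"
    return "ok"


# Constructed sample of what 'view source' shows for a scanned message.
SAMPLE_SCANNED = (b"From: me@example.com\r\nTo: me@example.com\r\n"
                  b"Subject: clamsmtp test: clean\r\n"
                  b"X-AV-Checked: AV Checked\r\n\r\nTest message.\r\n")


if __name__ == "__main__":
    me = "me@example.com"   # assumption: a local mailbox on this box
    submit(build_test_message(me, me, with_eicar=False))
    submit(build_test_message(me, me, with_eicar=True))
    print("Sent; after delivery, feed the raw messages to check_results().")
```

Run it on the box itself, then look at the inbox: the clean message should carry X-AV-Checked, the EICAR message should be missing and replaced by a bounce, and `grep clamsmtpd /var/log/mail.log` should show the detection. If the clean mail arrives without the header, the content_filter line in main.cf is not taking effect; if the EICAR mail is delivered, clamsmtpd is in the path but clamd is not rejecting (check that clamav-daemon is running and that freshclam has fetched signatures).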

Do you find that ClamAV catches much traffic? I find that the few viruses we get anymore are usually marked spam and so painfully obvious that nobody would open any attachments anyway. For my site, email viruses were a problem of the 2000s.

Just curious if you’re finding something different.

If it’s for compliance then I totally get that.

Thanks for this, I was able to get things going with these steps! :slight_smile:

It appears that 0.17 has broken the config listed here.

One issue with the ClamAV-recipe and 0.17 seems to be related to the new smtp_bind_address setting in postfix’s main.cf.

Adjusting the clamsmtpd.conf-file should help:

OutAddress: 127.0.0.1:20025

My conf was already configured that way. I messed around for half of the day trying different ports but made no headway. I ended up rolling back to 0.16 till I understand the changes a bit more.

I retried the update and the change that @ionos suggested. It still has not proved anything, so it appears that I am stuck on 0.16 or will need to totally revert to the default configuration. :frowning: